A Ruby gem for interacting with the Cyberhaven incident API. Tested on Cyberhaven version 23.11.
sudo gem install cyberhaven-incidents
To run Cyberhaven Incidents, you are required to add these two variables to the top of your file, under the require "cyberhaven-incidents" line.
#!/usr/bin/ruby
require "cyberhaven-incidents"
## UPDATE THESE VARIABLES ------------------------------------------------------
$refreshToken = "API-REFRESH-TOKEN"
$deployment = "company.cyberhaven.io"
## COMMANDS ########################################
Cyberhaven::Incidents::getBearerToken
## Incident Totals
Cyberhaven::Incidents::totalIncidents
Cyberhaven::Incidents::totalUnresolvedIncidents
Cyberhaven::Incidents::totalIgnoredIncidents
Cyberhaven::Incidents::totalInProgressIncidents
Cyberhaven::Incidents::totalResolvedIncidents
## Detailed Incident by ID
Cyberhaven::Incidents::Id::DetailedJson("incidentID")
Cyberhaven::Incidents::Id::DetailedYaml("incidentID")
Cyberhaven::Incidents::Id::DetailedReport("incidentID")
## Summarized Incident details by ID
Cyberhaven::Incidents::Id::SummaryJson("incidentID")
Cyberhaven::Incidents::Id::SummaryYaml("incidentID")
Cyberhaven::Incidents::Id::SummaryReport("incidentID")
## Incident details by user
puts Cyberhaven::Incidents::User::TotalIncidents("username")
puts Cyberhaven::Incidents::User::AllIncidents("username")
puts Cyberhaven::Incidents::User::AllIncidentsJson("username")
puts Cyberhaven::Incidents::User::AllIncidentsYaml("username")
Cyberhaven::Incidents::User::AllIncidentsCSV("username")
## Incident details by policy name
puts Cyberhaven::Incidents::Policy::TotalPolicyIncidents("policyName")
puts Cyberhaven::Incidents::Policy::AllIncidents("policyName")
puts Cyberhaven::Incidents::Policy::AllIncidentsJson("policyName")
puts Cyberhaven::Incidents::Policy::AllIncidentsYaml("policyName")
Cyberhaven::Incidents::Policy::AllIncidentsCSV("policyName")
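The script above sets $refreshToken and $deployment as literals in the source file. The following added example (not part of the gem or its documentation) reads both from the environment and validates them before assigning the globals, which keeps the refresh token out of the script file. The environment variable names CYBERHAVEN_REFRESH_TOKEN and CYBERHAVEN_DEPLOYMENT, the helper load_cyberhaven_config, and the assumption that $deployment is a bare hostname are illustrative and not defined by the gem.

```ruby
# Added example: load the two required settings from the environment.
# Variable names and the helper are assumptions, not part of cyberhaven-incidents.

README_TOKEN_PLACEHOLDER = "API-REFRESH-TOKEN"

# Bare hostname only: dot-separated labels of letters, digits and hyphens.
HOSTNAME_RE = /\A(?=.{1,253}\z)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\z/i

def load_cyberhaven_config(env = ENV)
  token = env["CYBERHAVEN_REFRESH_TOKEN"].to_s.strip
  deployment = env["CYBERHAVEN_DEPLOYMENT"].to_s.strip.downcase

  raise ArgumentError, "CYBERHAVEN_REFRESH_TOKEN is not set" if token.empty?
  raise ArgumentError, "CYBERHAVEN_DEPLOYMENT is not set" if deployment.empty?
  if token == README_TOKEN_PLACEHOLDER
    raise ArgumentError, "refresh token is still the README placeholder"
  end
  # Reject schemes, ports, paths and userinfo so the token is only ever
  # sent to the hostname the operator intended.
  unless deployment.match?(HOSTNAME_RE)
    raise ArgumentError, "CYBERHAVEN_DEPLOYMENT must be a bare hostname"
  end

  { refresh_token: token, deployment: deployment }
end

# Constructed sample values for the demonstration; a real script passes ENV.
sample_env = {
  "CYBERHAVEN_REFRESH_TOKEN" => "constructed-sample-token",
  "CYBERHAVEN_DEPLOYMENT"    => "tenant.example.com"
}

config = load_cyberhaven_config(sample_env)
$refreshToken = config[:refresh_token]
$deployment   = config[:deployment]
puts "Loaded settings for #{$deployment}" # the token itself is never printed
```

In a real script, place this after the require line and call load_cyberhaven_config with no argument so it reads ENV.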